How to find the serial# for Lines’98 version 2.2 !They don't come any easier than this! BY DABERT Tutorial# 3 Target: Lines'98 v 2.2 Author: SORCERER (aka Dmitry V. Kivilyov)Perm, Russia Where : http://asu.pstu.ac.ru/lines98 Protection: Serial,calculated by what information you enter. Tools: Softice 3.25 About the game; The objective is to score as many points as possible by making balls of one color form various shapes.Use the mouse to move the balls. First select the ball to be moved, then an empty destination square. If the destination square is occupied by another ball, that ball is now selected to be moved . Note that you cannot always place the ball where you'd want to. After you move a ball, three more appear, except when you formed a shape.The more balls in a shape, the more points you score for making it.You can select three different game modes. They are very similar, except the shapes you need to create are different for every type. The Author say's Since Lines’98 is shareware you must register the program to continue using it after 7 day trial period. The registration fee is only $9. Once registered, you remain a registered user for this and all future versions of Lines’98. Registered users will receive information about new Skins and latest versions of the game via e-mail. In order to register, you should first receive the Registration Code (see further) and then press the “Register” button on the Shareware Nag Screen. After pressing the “Register” button you will be asked to enter the following information: Name: Enter your name here. E-mail: Enter your e-mail address. Code: The shareware unlock code you received during the registration. Obtaining the unlock code Ok enough bullshit,do as the Author say's and press the "Register" button on the shareware nag screen and enter your user information.It can be anything you like as long as the e-mail address looks valid because the serial is calculated from this piece of information.I think so anyway because I tried different names and code but left the e-mail the same and got the same serial every time.Let me know if I'm wrong. This is what I entered; Name; Pirate Copy E-mail; piratecopy@free.com Code; 998899 Do not press the OK button yet.Enter Softice with ctrl-d and place a break point on GetDlgItemTextA like this "bpx getdlgitemtexta" without the " " and press return now press ctrl-d or F5 to get out of Softice and return to the program.Press the OK button now and you should be back in Softice.Press F5 twice,remember there is three dialog boxes.Now we want to disable the break point we set earlier,type bd 00 and press return or bd * and press return then when that is done press F11 once and we should end up here. 014F:00404A56 E8AD9A0000 CALL USER32!GetDlgItemTextA 014F:00404A5B 47 INC EDI <--------WE LAND HERE 014F:00404A5C 83FF03 CMP EDI,03 014F:00404A5F 7CD7 JL 00404A38 014F:00404A61 8D8538FFFFFF LEA EAX,[EBP-00C8] 014F:00404A67 50 PUSH EAX <--------OUR SERIAL 014F:00404A68 8D95D4FEFFFF LEA EDX,[EBP-012C] 014F:00404A6E 52 PUSH EDX <--------OUR E-MAIL 014F:00404A6F 8D8D70FEFFFF LEA ECX,[EBP-0190] 014F:00404A75 51 PUSH ECX <--------OUR NAME 014F:00404A76 E871F8FFFF CALL 004042EC <----REAL SERIAL CALCULATED HERE 014F:00404A7B 83C40C ADD ESP,0C 014F:00404A7E A2DCBA4100 MOV [0041BADC],AL 014F:00404A83 8BC6 MOV EAX,ESI 014F:00404A85 663D4101 CMP AX,0141 014F:00404A89 7507 JNZ 00404A92 014F:00404A92 663D4301 CMP AX,0143 014F:00404A96 7507 JNZ 00404A9F 014F:00404A9F 6A01 PUSH 01 014F:00404AA1 53 PUSH EBX 014F:00404AA2 E8919A0000 CALL USER32!EndDialog 014F:00404AA7 B801000000 MOV EAX,00000001 014F:00404AAC EB02 JMP 00404AB0 014F:00404AB0 5F POP EDI 014F:00404AB1 5E POP ESI 014F:00404AB2 5B POP EBX 014F:00404AB3 8BE5 MOV ESP,EBP 014F:00404AB5 5D POP EBP 014F:00404AB6 C21000 RET 0010 The highlight bar should be on address 014F:00404A5B,don't move anywhere because we're going to do a search for the fake serial number we entered,we type like this, s 0 l ffffffff "998899" or whatever fake serial you entered.Now you should see something like this, Pattern found at: 014F:0065F738 (0065F738) and your fake serial in the data window.So now we want to set a break point at this address.We do that like this; bpr 30:0065f738 30:0065f738+6 rw [If you entered more than 6 characters for your code,it would bpr 30:0065f738 30:0065f738+ length of characters you entered rw] Don't forget to hit return.Ok now that our break point is set we press F5 once again and land here; 014F:00408072 FC CLD 014F:00408073 F2AE REPNZ SCASB <--------WE LAND HERE 014F:00408075 F7D1 NOT ECX 014F:00408077 8D41FF LEA EAX,[ECX-01] 014F:0040807A 5F POP EDI 014F:0040807B 5D POP EBP 014F:0040807C C3 RET The highlight bar will be at address 014F:00408073.Once again we don't move from where we landed.Just type ED ES:EDI and you will see your fake serial in the data window.Now type ED ES:ESI and what do you see up there in all it's glory,thats right the correct serial for the information you entered. The information is stored in your registry at; HKEY_LOCAL_MACHINE\SOFTWARE\SORCERER\Lines98\RegName HKEY_LOCAL_MACHINE\SOFTWARE\SORCERER\Lines98\RegEmail HKEY_LOCAL_MACHINE\SOFTWARE\SORCERER\Lines98\RegCode Now you can export those three keys and use them as a reg file. So thats it for my second tutorial I hope I've helped you out in some way or another.Also if you want to keep this program pay the Author the lousy $9 he's asking for this game.This tutorial is for educational purposes only and should not be used to steal software. Many Thanks Go to all the Crackers out there who find the time to help people like myself learn the ART of Reverse Engineering. SeeYa DABERT